The invention relates generally to a cipher system, and it relates, in particular, to a stream cipher system employing feedback and a logic function.
Cipher systems are used to encode data for transmission in such a way that an unintended recipient of the transmission cannot decipher nor understand the message contained in the transmission without an understanding of the details of the enciphering system and possibly also a key employed in the enciphering. In this way proprietary or highly sensitive data can be transmitted over common airways. These transmissions are themselves understood to involve unsecure data paths which can be easily intercepted by unintended recipients. However, if these recipients cannot perform the required deciphering to reproduce the original data, the security of the system can be maintained.
Many types of cipher systems are widely known and have been described in the open literature. Cipher systems are generally divided into two classes, block ciphers and stream ciphers. A block cipher operates upon a multi-bit block to transform the bit sequence within the block into another sequence having possibly a different block size. However, the blocks remain independent of each other. In contrast, a stream cipher individually changes each bit in a generally infinite stream. In the general case of a stream cipher, the transformation of a particular bit may depend upon the values of neighboring bits but there is no defined block. One type of stream cipher is the auto-key cipher shown schematically in FIGS. 1A and 1B. FIG. 1A illustrates the basic operation of the encipherer. A digital message arrives in plain text, that is, in uneciphered form, on an input line 12 which is connected to the serial input of a shift register 14. The shift register 14 shifts to the left, as illustrated, in synchronism with the bit rate of the input line 12. If the shift register 14 is m bits long, then after m periods of the message, the input appears on the output 16 of the shift register. This delayed bit is then added bit by bit in an adder 18 to the current bit of the message to produce a cipher text on the output 20 of the encipherer.
The design of the decipherer, as illustrated in FIG. 1B, closely resembles that of the encipherer. The cipher text is received on an input line 22 and is added in an adder 24 to the output 26 of an m-bit shift register 28 to produce the deciphered text or message on an output line 30. A binary adder 24 acts as well as a subtractor. The deciphered text is also led into the input of the shift register 28 where it reappears m bits later on the output 26.
It is seen that the cipher test differs significantly from the plain text message and the details of the enciphering must be known if the enciphered text is to be deciphered. Nonetheless, the cipher system illustrated in FIGS. 1A and 1B is relatively simple and a determined recipient can break the code, particularly if the general concept of the cipher system is known.
The most commonly used stream cipher employs a key generator. As shown in FIG. 2A for an encipherer and in FIG. 2B for a decipherer, both consist of an identical key generator 32. In the encipherer, a message arrives on an input line 34 and is added to the output of the key generator 32 in an adder 36 which in modulo 2 arithmetic is an exclusive OR gate. The output 38 of the adder 36 contains the cipher text. In the decipherer, the cipher text arriving on the input line 40 is differenced with the output of a key generator 32 in a subtractor 41. In the case of modulo 2 arithmetic, subtraction and addition are the same so that the sum of the two signals produces on the output 42 the original message. The key generator 32 present in both the encipherer and decipherer produces a sequence of bits independently of the contents of the message for the cipher text. However, the key generator 32 in each of the encipherer and decipherer must be producing the same sequence and be synchronized identically with the message. Security is maintained by maintaining the output of the key generator 32 in confidence. Its output is never transmitted in the clear.
Key generator ciphers have the advantage that if one bit of the cipher text is inverted because of a noisy path, the error is confined to a single bit of the deciphered message and does not propagate to other bits. However, the security provided by many key generator ciphers is considered insufficient.
A special case of a key generator cipherer is illustrated in FIG. 3. This system was proposed to operate with the National Bureau of Standards (NBS) Data Encryption Standard (DES). The DES system relies upon a 56-bit key 44. Both an input register 46 and an output register 48 are 64 bits wide. A DES circuit 50 takes the outputs of the key 44 and the input register 46, operating as a stream to block deserializer, and performs an algorithm on the block according to the Data Encryption Standard and outputs a 64 bit block to the output register 48. The output register 48 is also a shift register and its contents are shifted out as both a serial input 52 to the input register 46 and to an adder 54. The input 56 to the system is the other addend to the adder 54 which produces a signal on the output line 58. This structure is identical for both an encipherer and a decipherer for binary symbols. In the encipherer, the input line 56 carries the message while the output line 58 carries the cipher text. In a decipherer, the cipher text is on the input line 56 while the output line 58 carries the clear text message.
Similar circuitry has been applied to cipher-blocking chaining, as illustrated in FIGS. 4A and 4B for an encipherer and a decipherer respectively. The circuitry is similar to that in FIG. 3 except that in the encipherer, the input 60 to the input register 46 is connected to the output line 62 of the adder 54 so that the cipher text is inputted into the key generator. In the decipherer, the input line 64 to the input register 46 is connected to the input line 66 of the adder 54 so that the cipher text is inputted here as well. For the cipher systems of FIGS. 3 and 4, feedback is employed which is a function of the output of the DES circuit 50. The disadvantage of both methods is the complexity of the circuitry due to the requirement of both an input and an output register and the complexity of the DES algorithm itself. In fact, both methods are brute force techniques for converting a block cipher (DES) into a stream cipher and should not therefore be strictly considered as stream ciphers.